<?php
	$root = $_SERVER['DOCUMENT_ROOT'];
	include($root . "/util/config.php");
	include($root . "/util/session.php");//checks that the user is logged in
	include($root . "/util/privilege_check.php");
	checkPrivilege("admin");
	if($_SERVER["REQUEST_METHOD"] == "POST"){
		$username=mysqli_real_escape_string($db,$_POST['username']);

		$sql_query="select * from users where username = '$username'";
		$result=mysqli_query($db,$sql_query);
		//check if user exists
		if(mysqli_num_rows($result) != 0){
			$error="User exists";
		}
		else{
			$password=mysqli_real_escape_string($db,$_POST['password']);
			$full_name=mysqli_real_escape_string($db,$_POST['full_name']);
			$usertype=mysqli_real_escape_string($db,$_POST['usertype']);
			$ssn=mysqli_real_escape_string($db,$_POST['ssn']);
			$gender=mysqli_real_escape_string($db,$_POST['gender']);
			$phone=mysqli_real_escape_string($db,$_POST['phone']);
			$email=mysqli_real_escape_string($db,$_POST['email']);
			$users_sql_query="INSERT INTO `users` (`username`, `password`, `usertype`) VALUES ('$username', '$password', '$usertype')";
			mysqli_query($db,$users_sql_query);
			$user_info_sql_query="INSERT INTO `user_info` (`login`, `full_name`, `ssn`, `gender`, `phone`, `email`, `picture`) VALUES ('$username', '$full_name', '$ssn', '$gender', '$phone', '$email', NULL)";
			mysqli_query($db,$user_info_sql_query);

			echo "$password $full_name $usertype $ssn $email";
		}
	}
?>

<html>
<body>

<li><a href="/admin/admin.php">Back</a></li>
<form action="/admin/useradd.php" method="post">
	<label for="username">Username:</label><br>
	<input type="text" id="username" name="username"><br>
	<label for="password">User password:</label><br>
	<input type="password" id="password" name="password"><br>
	<label for="full_name">Full name:</label><br>
	<input type="text" id="full_name" name="full_name"><br>
	<label for="usertype">User type:</label><br>
	<input type="radio" id="student" name="usertype" value="student">
	<label for="student">Student</label><br>
	<input type="radio" id="teacher" name="usertype" value="teacher">
	<label for="teacher">Teacher</label><br>
	<input type="radio" id="admin" name="usertype" value="admin">
	<label for="admin">Admin</label><br>
	<label for="ssn">Social Security Number:</label><br>
	<input type="text" id="ssn" name="ssn"><br>
	<label for="gender">Gender:</label><br>
	<input type="text" id="gender" name="gender"><br>
	<label for="phone">Phone Number:</label><br>
	<input type="text" id="phone" name="phone"><br>
	<label for="email">Email Address:</label><br>
	<input type="email" id="email" name="email"><br>
	<input type="submit" value="Submit">
</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php if(isset($error)){echo $error;} ?></div>

</body>
</html>
